OpenStack for Everyone

REASON: I must point out that the quickest way to dive into Openstack is to head over to The Openstack Sandbox Project. They have done an excellent job at making sure anyone can test and learn Openstack. You will need a Facebook account, as the authentication piece is handled by the Facebook Login API. Additionally, some of the features are not enabled (like Heat orchestration), but some really cool features are (like Trove). Give them a try first, and then when you've decided you really like it and want to use it more, come back to this handy walkthrough!

Welcome

I'm going to start this blog off with a little primer on how to get an Openstack deployment up and running in your own environment. This will pay off in the future, as most of the examples will have origins in my own Openstack architectures (and I have quite a few). Sure, you can use Virtualbox (in fact I encourage it), but what if you want to have a home lab of your own? If you're like me, you prefer to have home equipment robust enough to try various things, but eco-friendly enough to stay on for most days out of the year. Maybe you've used a Mac Mini [or are currently] because of its small footprint, both eco and physical. It's really not bad for a little home server, but Apple took a step backwards recently with no upgradable hardware, and even the current hardware is lagging behind their other devices (i5 and 4MB L3 cache; you can do better than that, Apple). Unfortunately, it appears that they're not interested in catering to the home tinkerer, even though I'm convinced that was the majority of users for the hackable Mac Mini.

Let's nerd out on hardware first:

Frustrated with Apple, I was hot on the search for replacement hardware (I had one Mini go belly-up and I needed a replacement stat). I found an acceptable solution using the following hardware components:

At the time this post was written, that's around $1050 and is definitely a Mac Mini killer, although it's much larger in size. Let's not even discuss the poor, underpowered Intel NUC (although it's 'green', it's definitely no virtualization warrior). No, my recommended solution isn't quite as eco-friendly, but you'll be much happier with this platform in the long-run. You can definitely attempt an Openstack installation on whatever hardware you'd like (the Intel NUC would be fine), although you'll need to review your Intel virtualization options, cache and other variations, when comparing the Intel NUC, the Mac Mini, and the Shuttle I have listed above.

NOTE: Of course, now the NUC and others have caught up and the options are getting better! You'll just have to decide for yourself what works best for your situation.

I did add one other thing to the mix, and that was an Intel Pro 1000 NIC which sells for around $50.00. So I was up to $1,100 for all of my big components.

Getting back to Openstack:

If you know a little bit about Openstack, then you may be thinking "Wait, I thought you needed multiple machines to deploy and use Openstack?" That's not exactly true; we're going to install an 'all-in-one' deployment of Openstack (but I'll explain how you can grow your environment later).

Enter RDO, the RHEL/CentOS/Fedora Openstack Option:

One of the easier (er, less painful) implementations of Openstack [for development] is using RDO, which actually uses a Packstack file along with Puppet Modules to build out the Openstack environment for the 'average user.' Perfect, right? The best part about RDO is it allows the administrator/developer to grow the environment as needed via the Packstack file (you could re-run Packstack to add additional compute nodes, or to add something specific like a separate nova-docker node). What I like about RDO is the flexibility it gives me. It could be used for development, home labs, or if you use the Puppet Modules, you could use it as the framework for your production environments that need a simple implementation and upgrade approach.

Implementing RDO Openstack (Kilo):

Currently (refer to the date of this article), Kilo is fully baked and Liberty is just around the corner. We're going to get Openstack running with as few steps as possible, and in another article we'll talk about some more advanced approaches.

This article is going to make a couple of assumptions (just to level-set the audience):

You have installed a Minimal Install of CentOS 7.1

During the installation you added a user (which has sudo access to install shit)

DNS is working correctly, and your box can get out to the internet for updates

I'm going to assume you haven't done much beyond default partitioning

You're OK with running a single instance [for now]

You're good at following directions

That last part isn't a joke since you could easily run into pitfalls if you don't follow along. I'll try to make it painless, I promise.

Let's do some systemy shit first:

After your clean installation of CentOS, let's do a couple of things:

Add a 'FQDN' hostname to /etc/hosts. I like transformers, so I am going to call my server galvatron.jinkit.com.

Perform an update with yum -y update

Replace NetworkManager

systemctl stop NetworkManager

systemctl disable NetworkManager

systemctl enable network

Use the command ip addr to determine your interface enumeration. Verify this enumeration against what is found in the /etc/sysconfig/network-scripts/ directory. Also verify the content within each of the /etc/sysconfig/network-scripts/ifcfg-[ENUM] files. We will need to come back to this in just a moment. If you find an anomaly, correct it.

ifdown all of the interfaces except for the interface you are working on (and hopefully the one you are using for DNS). The DNS for this host should be a FQDN, or written as such in the host file as I described earlier. I do both for my installs actually.

Start the network daemon by issuing the following command: ifdown <interface> && systemctl start network (this shouldn't drop your ssh connection, so long as the IP address remains the same and there are no errors from a previous step).

Before you start with a reboot, let's turn off the firewall and put SELinux in permissive mode prior to our Openstack installation (although it should be perfectly fine to leave SELinux enabled by default):

To disable the firewall enter systemctl disable firewalld and to stop it enter systemctl stop firewalld.

Then let's set SELinux to permissive by entering sudo vi /etc/sysconfig/selinux and making sure it looks like the following (changed enforcing to permissive). Everything else is fine for now.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Now we're ready to reboot, so enter sudo systemctl reboot.
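
To confirm the host really is in the state these prep steps describe (FQDN in the hosts file, an ifcfg file for every interface, SELinux config set to permissive, NetworkManager and firewalld disabled), here is a small preflight script. It is an added example, not part of the original post or of RDO/Packstack; the function names and the --run switch are made up for illustration.

```shell
#!/usr/bin/env bash
# Preflight checks for the host-prep steps. File paths are parameters
# (defaults match CentOS 7) so each check can also be run against a copy.

# Print the mode set in the SELinux config: enforcing, permissive or disabled.
selinux_config_mode() {
    local cfg="${1:-/etc/sysconfig/selinux}"
    # Only an uncommented SELINUX= line counts; SELINUXTYPE= does not match.
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" | tail -n 1
}

# Succeed if the hosts file maps an address to FQDN (the name must contain a dot).
hosts_has_fqdn() {
    local fqdn="$1" hosts="${2:-/etc/hosts}"
    case "$fqdn" in *.*) ;; *) return 1 ;; esac
    awk -v n="$fqdn" '
        { sub(/#.*/, "") }                    # drop comments
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }' "$hosts"
}

# Read interface names on stdin; print those with no ifcfg-<name> file in DIR.
missing_ifcfg() {
    local dir="${1:-/etc/sysconfig/network-scripts}" ifname
    while IFS= read -r ifname; do
        [ -n "$ifname" ] || continue
        [ -f "$dir/ifcfg-$ifname" ] || printf '%s\n' "$ifname"
    done
}

# Run every check against the live host; returns non-zero if anything is off.
preflight() {
    local fqdn="$1" rc=0 unit
    hosts_has_fqdn "$fqdn" || { echo "FAIL: $fqdn not in /etc/hosts"; rc=1; }
    [ "$(selinux_config_mode)" = permissive ] || { echo "FAIL: SELinux config is not permissive"; rc=1; }
    [ -z "$(ls /sys/class/net | missing_ifcfg)" ] || { echo "FAIL: interface without ifcfg file"; rc=1; }
    for unit in NetworkManager firewalld; do
        systemctl is-enabled --quiet "$unit" 2>/dev/null && { echo "FAIL: $unit still enabled"; rc=1; }
    done
    return "$rc"
}

# Example: ./preflight.sh --run galvatron.jinkit.com
if [ "${1:-}" = "--run" ]; then preflight "${2:?usage: $0 --run FQDN}"; fi
```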

Let's get this party started:

Install the RDO package repository on your system: sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm.
NOTE: At the time this post was written, the release is Kilo.

Install RDO Openstack with the following command: packstack --allinone --provision-demo=n

At this point, I'm going to give my wrists a break and come back after I'm done eating. There's definitely more to come though, because we'll need to make it all work after the installer is finished! This command only gets the environment installed.

Understanding what just happened:

The steps above will get you to a pretty good place, but it won't exactly get you to the point where your hosts are routing through your LAN and eventually through your default internet gateway. You'll notice after the installer is finished that you will have some nice output like the following:

**** Installation completed successfully ******
Additional information:
* A new answerfile was created in: /home/[user]/packstack-answers-[%y%m%d-%h%m%s].txt
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /home/[user]/keystonerc_admin has been created on OpenStack client host [ip_address]. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://[ip_address]/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* To use Nagios, browse to http://[ip_address]/nagios username: nagiosadmin, password: [unique_password]
* The installation log file is available at: /var/tmp/packstack/[%y%m%d-%h%m%s]-[unique_dir]/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/[%y%m%d-%h%m%s]-[unique_dir]/manifests

In order to log into and use the Openstack Dashboard WebUI (known as Horizon) you will need the Keystone credentials. The Keystone credentials are found in a Packstack artifact named keystonerc_admin left at /home/[user]/keystonerc_admin.
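
Both keystonerc_admin and the packstack-answers file hold passwords in plain text, so it is worth checking that only your user can read them, and masking the secrets before pasting either file into a forum post. The following is an added example, not from the original post or from Packstack; it assumes the usual KEY=value and export KEY=value line format, and the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Hygiene checks for the credential-bearing files Packstack leaves in $HOME.

# Succeed only if FILE grants no permissions to group or other (e.g. mode 0600).
is_private() {
    local perms
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print FILE with secret values masked, for pasting into a ticket or forum post.
# Matches KEY=value and "export KEY=value" where KEY ends in PASSWORD, _PW or _TOKEN.
redact_secrets() {
    sed -E 's/^((export[[:space:]]+)?[A-Za-z0-9_]*(PASSWORD|_PW|_TOKEN)[[:space:]]*=).*/\1[REDACTED]/' "$1"
}

# Audit each FILE: tighten to 0600 when FIX=1, otherwise report and return 1.
audit_cred_files() {
    local f rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if is_private "$f"; then
            echo "ok       $f"
        elif [ "${FIX:-0}" = 1 ]; then
            chmod 600 -- "$f" && echo "fixed    $f"
        else
            echo "exposed  $f"; rc=1
        fi
    done
    return "$rc"
}

# Example: audit_cred_files ~/keystonerc_admin ~/packstack-answers-*.txt
```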

What's awesome about RDO is that it uses Packstack to deploy, which in turn uses Puppet manifests to install the Openstack platform. This makes it easy to copy into Foreman or a Puppet Labs server for later use! In fact, all of the Openstack Puppet Modules can be found on Puppet Forge.

Now we're going to pick up in a slightly different tutorial (Part 2) to discuss optimizing what we've just done, and to use this Openstack deployment on our own network. I mean, you wanted this to be a useful walk-through, right?